June 19, 2020

As AWS reports largest ever attack, others warn of heightened DDoS risk

By Ellen Daniel

Amazon Web Services has said it has stopped the largest ever distributed denial of service (DDoS) attack.

A DDoS attack is when a cyber attacker floods a website with bot traffic so it is overloaded and has to be taken offline.

AWS Shield, the security service that protects applications running on AWS cloud from DDoS attacks, blocked a 2.3TB per second (Tbps) attack in February. According to the BBC, the previous record, set in 2018, was 1.7Tbps.

Details of the attack were published in AWS’s Q1 threat report, which said that the attack was “approximately 44% larger than any network volumetric event previously detected on AWS.” It caused 3 days of elevated threat.

DDoS attacks see “dramatic rise” amid Covid-19

Technology company Neustar has warned of a “dramatic rise” in DDoS attacks during the Covid-19 pandemic, with the company mitigating more than twice the number of attacks as in first quarter 2019.

Non-profit organisations have also been particularly affected. According to Cloudflare, DDoS attacks against US anti-racism advocacy groups increased 1,120-fold between 26 May and 01 June compared with the last week in April.

As news of AWS’s record breaking DDoS attack emerges, global content delivery network Akami also reported a significant attack. During the first week of June 2020, it mitigated an attack against an internet hosting provider, the largest the company has seen at  1.44Tbps

Roger Barranco, Vice President of Global Security Operations at Akamai said:

“During the first week of June (2020), Akamai mitigated a massive DDoS attack against an internet hosting provider that was unlike anything Akamai had ever seen. The attack appears to have been a planned and orchestrated effort – and appears that someone was very intent on maximising damage.

“What made this DDoS attack unique was not only its size (at 1.44Tbps it is the largest Akamai has ever seen for BPS; this attack was also 385 MPPS) and duration (spanned nearly two hours), but also its complexity: Globally distributed traffic. (Geographic concentration is the norm for DDoS attacks), Mirai had some continental and geographic distribution, but not to this extent, 9 different attack vectors (typical DDoS attacks we see use 1-3).”


Read more: Australia cyberattacks: “Concerning but not unexpected”.